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Abstract 
This memo defines a portion of the Management Information Base (MIB) 
for use with network management protocols in TCP/IP-based internets. 


In particular, it defines objects for managing networks using Layer 2 
Tunneling Protocol (L2TP). 
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1.0 Introduction 


This memo defines a portion of the Management Information Base (MIB) 
for use with network management protocols in the Internet Community. 
In particular, it describes managed objects used for managing L2TP 


devices. 


The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 
document are to be interpreted as described in [RFC2119]. 


2.0 The SNMP Management Framework 


The SNMP Management Framework presently consists of five major 


components: 


o An overall architecture, described in RFC 2571 [RFC2571]. 


o Mechanisms for describing and naming objects and events for the 
purpose of management. The first version of this Structure of 
Management Information (SMI) is called SMIv1 and described in STD 


16, RFC 1155 [RFC1155], STD 16, RFC 1212 


[RFC1212] and RFC 1215 


[RFC1215]. The second version, called SMIv2, is described in STD 


58, RFC 2578 [RFC2578], STD 58, RFC 2579 
2580 [RFC2580]. 
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o Message protocols for transferring management information. The 
first version of the SNMP message protocol is called SNMPv1 and 
described in STD 15, RFC 1157 [RFC1157]. A second version of the 
SNMP message protocol, which is not an Internet standards track 
protocol, is called SNMPv2c and described in RFC 1901 [RFC1901] and 
RFC 1906 [RFC1906]. The third version of the message protocol is 
called SNMPv3 and described in RFC 1906 [RFC1906], RFC 2572 
[RFC2572] and RFC 2574 [RFC2574]. 


o Protocol operations for accessing management information. The 
first set of protocol operations and associated PDU formats is 
described in STD 15, RFC 1157 [RFC1157]. A second set of protocol 
operations and associated PDU formats is described in RFC 1905 
[RFC1905]. 


o A set of fundamental applications described in RFC 2573 [RFC2573] 
and the view-based access control mechanism described in RFC 2575 
[RFC2575]. 


A more detailed introduction to the current SNMP Management Framework 
can be found in RFC 2570 [RFC2570]. 


Managed objects are accessed via a virtual information store, termed 
the Management Information Base or MIB. Objects in the MIB are 
defined using the mechanisms defined in the SMI. 


This memo specifies a MIB module that is compliant to the SMIv2. A 
MIB conforming to the SMIvl can be produced through the appropriate 
translations. The resulting translated MIB must be semantically 
equivalent, except where objects or events are omitted because no 
translation is possible (use of Counter64). Some machine readable 
information in SMIv2 will be converted into textual descriptions in 
SMIv1 during the translation process. However, this loss of machine 
readable information is not considered to change the semantics of the 
MIB. 


Caves, et. al. Standards Track [Page 3] 


RFC 3371 L2TP Management Information Base August 2002 


3.0 Overview 


The objects defined in this MIB are to be used when describing Layer 
Two Tunneling Protocol (L2TP) tunnels. The L2TP protocol is defined 
in [RFC2661]. This MIB consists of seven groups briefly described 
below: 


12tpConfigGroup 

12tpStatsGroup 
These two groups of objects provide information on the 
configuration, state and statistics of the L2TP protocol, its 
tunnels and sessions. These groups are mandatory for implementors 
of this MIB. 


12tpDomainGroup 
This optional group of objects provides configuration, state and 
statistical information for L2TP tunnel endpoint domains. A L2TP 
tunnel endpoint domain is considered to be a collection of L2TP 
devices typically belonging to a common administrative domain or 
geographic location. 


12tpMappingGroup 
This optional group contains mapping tables to assist management 
applications to map between protocol identifiers and table 
indices. 


12tpIpUdpGroup 
This group provides the state and statistics information for L2TP 
tunnels which are being transported by UDP/IP. This group is 
mandatory for L2TP implementations that support L2TP over UDP/IP. 


12tpSecurityGroup 
This group is optional for SNMP agents which support both 
authentication and privacy of SNMP messages for the management of 
L2TP keys. 


12tpTrapGroup 
This group contains the notifications that could be generated by a 
L2TP implementation. 


12tpHCPacketGroup 
This group is optional for L2TP implementations that could 
potentially overflow the L2TP Domain tables 32-bit statistics 
counters in less than an hour. 
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3.1 Relationship to the Interface MIB 


This section clarifies the relationship of this MIB to the Interfaces 
MIB [RFC2863]. Several areas of correlation are addressed in the 
following subsections. The implementor is referred to the Interfaces 
MIB document in order to understand the general intent of these 
areas. 


3.1.1 Layering Model 


This MIB contains several tables which are extensions to the IP 
Tunnel MIB described in [RFC2667] which itself defines extensions to 
the Interface MIB [RFC2863]. An L2TP tunnel is represented as a 
separate identifiable logical interface sub-layer. The tunnel stack 
layering model is described in [RFC2667]. 


In addition to that described in [RFC2667] an L2TP tunnel will not be 
at the top of the ifStack on a L2TP device that is acting as a L2TP 
Network Server (LNS). In this case PPP interfaces will be layered on 
top of the tunnel interface. 
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In the example diagram below, the interface layering is shown as it 
might appear at the LNS. 


+-------------------------------------------- + 
| Network Layer Protocol 
+-4+----------- +------------- +-------- == === - 

| | | | 

| 14 | | 

| MPPP | «=== PPP Multilink I/F 
++--++ 

| | | | | 

| +--+ +--+ | | 

| | | | | 

| +-+-+ +-+-+ +-+-+ +-+-+ 

| | PPP | | PPP | | PPP | |PPP| <=== PPP I/F 

| +-+—+ +-+—+ +-+—+ +-+—+ 

| | | | 

| +----+-------- +-------- +-------—- +----+ 

| | L2TP Tunnel I/F 

|  +------------------ +----------------- + 

| 
+-4--------------------- +—----- + 
| Ethernet | 
+------------------------------ + 


The ifStackTable is used to describe the layering of the interface 
sub-layers. For the example given above the ifTable and ifStackTable 
may appear as follows: 


ifIndex ifType Tunnel MIB tables Description 

1 ethernetCsmacd (6) Ethernet interface 

2 tunnel (131) tunnelIfTable Tunnel interface 
12tpTunnelConfigTable 
12tpTunnelStatsTable 

3 ppp (23) PPP interface #1 

4 ppp (23) PPP interface #2 

5 ppp (23) PPP interface #3 

6 ppp (23) PPP interface #4 

7 mlppp (108) MLPPP interface 
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The corresponding ifStack table entries would then be: 
ifStackTable Entries 


HigherLayer LowerLayer 


ISI MNOTRBVNER OCS 
BWNHNNNF OND U 


L2TP Access Concentrator (LAC) tunnel interfaces on the other hand 
appear at the top of the interface layering stack. In this case the 
layering model is as described in [RFC2667]. 


However in order to support the tunneling of packets received from 

interfaces carrying framed PPP packets on the LAC to the LNS (and the 
propagation of decapsulated PPP packets to that interface) additional 
configuration is required. This is further described in section 3.4. 


3.1.2 Interface MIB Objects 


Except where noted in the tables below, all objects MUST be supported 
from the ifGeneralInformationGroup and one of the following three 
groups: 


o ifPacketGroup OR 

o ifHCPacketGroup OR 

o ifVHCPacketGroup 
depending on the particular implementation. 
The following tables describe how objects from the 
ifGeneralInformationGroup and ifPacketGroup (similar support should 
be provided for the high and very high capacity packet groups) are to 
be interpreted and supported for L2TP tunnel interfaces. 


3.1.2.1 L2TP Tunnel Interfaces 


All Interface MIB objects not listed in the above groups for L2TP 
tunnel interfaces MUST be supported as described in [RFC2863]. 
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Interface MIB Object 


Support Description 


ifTable. 


ifTable. 


ifTable. 


ifTable. 


ifTable. 


ifTable. 


ifTable. 


ifTable. 


ifTable. 
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ifDescr 


ifType 


ifMtu 


ifSpeed 


ifPhyAddress 


ifAdminStatus 


ifOperStatus 


ifInOctets 


ifInUcastPkts 


Refer to the Interface MIB. 
tunnel(131). 


Dependent on the tunnel transport layer. 
For UDP/IP transports the MTU should 
be 65467 (65535-60(IP)-8(UDP)). 


Return zero. 
The assigned tunnel identifier. 


Setting ifAdminStatus to ’up’ injects a 
‘Local Open’ request into the tunnel FSM. 
Setting ifAdminStatus to ’down’ injects 
a ”Tunnel Close’ event into the tunnel 
FSM. Setting ifAdminStatus to ”testing” 
is not currently defined but could be 
used to test tunnel connectivity. 


ifOperStatus values are to be interpreted 
as follows: 


‘up’ - tunnel is established. 

” down" - administratively down 
or peer unreachable. 

”testing” - in some test mode. 

”unknown" - status cannot be 
determined for some 
reason. 

‘dormant’ - operational but 


waiting for local or 
remote trigger to bring 
up the tunnel. 
‘“notPresent’ - configuration missing. 
” lowerLayerDown’ down due to state of 
lower-layer 
interface(s). 


The total number of octets received on the 
tunnel including control and payload 
octets. 


The total number of packets received on 
the tunnel including control and payload 
packets. 
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ifTable. 


ifTable. 


ifTable. 


ifTable. 


ifTable. 


ifTable. 


ifTable. 


ifXTable. 


ifXTable. 


ifXTable. 


ifXTable. 


ifXTable. 


ifXTable. 


ifXTable. 
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ifInDiscards 


ifInErrors 


The total number of received packets that 
were discarded on both control and payload 
channels. 


The total number of packets received in 
error including control and payload 
packets. 


ifInUnknownProtos 


Return zero. 


ifOutOctets The total number of octets transmitted 
from the tunnel including control and 
payload octets. 

ifOutUcastPkts The total number of packets transmitted 
from the tunnel including control and 
payload packets. 

ifOutDiscards The total number of discarded packets that 
were requested to be transmitted including 
control and payload packets. 

ifOutErrors The total number of packets that were 
requested to be transmitted that were in 
error including control and payload 
packets. 

ifName Refer to the Interface MIB. 

ifInMulticastPkts 
Return zero. 

ifInBroadcastPkts 
Return zero. 

ifOutMulticastPkts 
Return zero. 

ifOutBroadcastPkts 
Return zero. 

ifOutBroadcastPkts 


Return zero. 


ifLinkUpDownTrapEnable 


Default set to enabled(1). 
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ifXTable.ifHighSpeed Return zero. 


ifXTable.ifPromiscuousMode 
Set to false(2). 


ifXTable.ifConnectorPresent 
Set to false(2). 


3.2 Relationship to other MIBs 
3.2.1 Relationship to the IP Tunnel MIB 


The IP Tunnel MIB [RFC2667] describes tunnel interfaces that have an 
ifType of tunnel(131). The IP Tunnel MIB is considered to contain a 
collection of objects common to all IP tunneling protocols, including 
L2TP. In addition to the IP Tunnel MIB, tunnel encapsulation 
specific MIBs (like this MIB) extend the IP Tunnel MIB to further 
describe encapsulation specific information. Implementation of the 
IP Tunnel MIB is required for L2TP tunnels over IP. 


3.3 L2TP Tunnel Creation 


Tunnel creation is detailed for tunnels over IP in the IP Tunnel MIB. 
The creation of a tunnelIfEntry in [RFC2667] when the encapsulation 
method is "l2tp" will have the side effect of creating entries in the 
12tpTunnelConfigTable, 12tpTunnelStatsTable and the 
12tpUdpStatsTable's. 


The creation of L2TP tunnel interfaces over transports other than IP 
is expected to be defined in the MIB definition for that specific 
L2TP tunnel transport. 


3.4 L2TP Session Mapping 


The 12tpSessionMapTable table allows management applications to 
determine which session within a tunnel a particular interface 
(either a PPP or DSO interface) is mapped to. On the LAC it also 
provides a management application the ability to map a particular 
physical or virtual interface terminating a PPP link to a particular 
L2TP tunnel. This is required since the interface stacking as 
performed (and instrumented by the ifStackTable) on the LNS cannot be 
applied at the LAC. 


Caves, et. al. Standards Track [Page 10] 


RFC 3371 L2TP Management Information Base August 2002 


The following diagram illustrates the conceptual binding that occurs. 


+--------------------------------------- + 
| L2TP Session Map Database | 
+---------- +----------------- +---------- + 
| | 
+---+---+ +—---- +—----- + 
| aso | Tunnel I/F | 
+---+---+ +—---- +—----- + 
| | 
+---+---+ +----- +—----- - 
| ası | Ethernet 
+------- - +------------ + 


The stacking of the individual interface stacks would be described by 
the ifStackTable. 


4.0 L2TP Object Definitions 
L2TP-MIB DEFINITIONS ::= BEGIN 


IMPORTS 
Integer32, Unsigned32, Counter32, Gauge32, 
Counter64, transmission, MODULE-IDENTITY, 
OBJECT-TYPE, NOTIFICATION-TYPE 

FROM SNMPv2-SMI 

TEXTUAL-CONVENTION, RowStatus, TruthValue, 

StorageType 

FROM SNMPv2-TC 

SnmpAdminString 

FROM SNMP-FRAMEWORK-MIB 

OBJECT-GROUP, MODULE-COMPLIANCE, NOTIFICATION-GROUP 

FROM SNMPv2-CONF 

InterfaceIndex 

FROM IF-MIB; 


12tp MODULE-IDENTITY 
LAST-UPDATED "2002082300002" -- 23 August 2002 
ORGANIZATION "IETF L2TP Working Group" 


CONTACT-INFO 
"Evan Caves 
Postal: Occam Networks 
77 Robin Hill Road 
Santa Barbara, CA, 93117 
Tel: +1 805692 2900 
Email: evan@occamnetworks.com 


Pat R. Calhoun 
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Postal: Black Storm Networks 
110 Nortech Parkway 
San Jose, CA, 95143 
Tel: +1 408 941-0500 
Email: pcalhoun@bstormnetworks.com 


Ross Wheeler 
Postal: DoubleWide Software, Inc. 
2953 Bunker Hill Lane 


Suite 101 

Santa Clara, CA 95054 
Tel: +1 6509260599 
Email: ross@doublewidesoft.com 


Layer Two Tunneling Protocol Extensions WG 


Working Group Area: Internet 

Working Group Name: 12tpext 

General Discussion: 12tp@l2tp.net" 
DESCRIPTION 


"The MIB module that describes managed objects of 
general use by the Layer Two Transport Protocol." 


-- revision log 
REVISION "2002082300002" -- 23 August 2002 
DESCRIPTION 

"First revision, published as RFC 3371." 


:= { transmission 95 } 


Textual Conventions 


L2tpMilliSeconds ::= TEXTUAL-CONVENTION 
DISPLAY-HINT "d=3:" 
STATUS current 
DESCRIPTION 


Caves, 


et. 


"A period of time measured in units of .001 of seconds 
when used in conjunction with the DISPLAY-HINT will 


2002 


show seconds and fractions of second with a resolution 


of .001 of a second." 
SYNTAX Integer32 (0..2147483646) 


Definitions of significant branches 


al. Standards Track [Page 12] 


RFC 3371 L2TP Management Information Base August 2002 


12tpNotifications OBJECT IDENTIFIER ::= { 12tp 0 } 
12tpObjects OBJECT IDENTIFIER ::= { 12tp 1 } 
l2tpTransports OBJECT IDENTIFIER ::= { 12tp 3 } 
12tpConformance OBJECT IDENTIFIER ::= { 12tp 4 } 


== Definitions of significant branches under 12tpObjects 


12tpScalar OBJECT IDENTIFIER = { 12tpObjects 1 } 
12tpConfig OBJECT IDENTIFIER = { 12tpScalar 1 } 
12tpStats OBJECT IDENTIFIER = { 12tpScalar 2 } 


== Definitions of significant branches under 12tpTransports 


mre Note that future transports of L2TP (e.g.: Frame relay) 
== should create their own branch under l2tpTransports. 


l2tpTransportIpUdp OBJECT IDENTIFIER ::= { 12tpTransports 1 } 
12tpIpUdpObjects OBJECT IDENTIFIER :: 12tpTransportIpUdp 1 } 
12tpIpUdpTraps OBJECT IDENTIFIER ::= { 12tpTransportIpUdp 2 } 


ll 
~ 


== The L2TP Scalar Configuration Group 


== This group of objects is used to manage configuration 
-- of the L2TP protocol environment. 


12tpAdminState OBJECT-TYPE 
SYNTAX INTEGER { 
enabled (1) 


disabled (2) 
} 


MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"This object defines the administrative state of 
the L2TP protocol. Setting this object to 
‘disabled’ causes all tunnels to be immediately 
disconnected and no further tunnels to be either 
initiated or accepted. The value of this object 
must be maintained in non-volatile memory." 

::= { 12tpConfig 1 } 


12tpDrainTunnels OBJECT-TYPE 
SYNTAX TruthValue 
MAX-ACCESS read-write 
STATUS current 
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DESCRIPTION 
"Setting this object to ’true’ will prevent any new 
tunnels and/or sessions to be either initiated or 
accepted but does NOT disconnect any active 
tunnels/sessions. Setting this object to true(1) 
causes all domains and their respective tunnels 
to transition to the draining state. Note that 
when this occurs the ’xxxDraining’ status objects 
of the domains and their tunnels should reflect 
that they are ”draining”. Setting this object has 
no affect on the domains or their tunnels 
”xxxDrainTunnels'” configuration objects. To cancel 
a drain this object should be set to false(2). 
The object 12tpDrainingTunnels reflects 
the current L2TP draining state. The value of 
this object must be maintained in non-volatile 
memory." 
::= ( 12tpConfig 2 } 
2S The L2TP Scalar Status and Statistics Group 
= This group of objects describe the current state and 
== statistics of L2TP. 
12tpProtocolVersions OBJECT-TYPE 
SYNTAX OCTET STRING (SIZE(2..256) ) 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 
"Vector of supported L2TP protocol version and 
revision numbers. Supported versions are identified 
via a two octet pairing where the first octet indicates 
the version and the second octet contains the revision." 
::= { 12tpStats I } 
12tpVendorName OBJECT-TYPE 
SYNTAX SnmpAdminString 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 
"This object identifies the Vendor name of the L2TP 
protocol stack." 
:= { 12tpStats 2 } 
12tpFirmwareRev OBJECT-TYPE 
SYNTAX Integer32 
MAX-ACCESS read-only 
Caves, et. al. Standards Track [Page 14] 


RFC 3371 L2TP Management Information Base August 2002 


STATUS current 

DESCRIPTION 
"This object defines the firmware revision for the 
L2TP protocol stack." 

::= { 12tpStats 3 } 


12tpDrainingTunnels OBJECT-TYPE 
SYNTAX TruthValue 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object indicates if the local L2TP is draining 
off sessions from all tunnels." 
::= { 12tpStats 4 } 


== The L2TP Domain Configuration Table 


12tpDomainConfigTable OBJECT-TYPE 


SYNTAX SEQUENCE OF L2tpDomainConfigEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"The L2TP Domain configuration table. This table 
contains objects that can be used to configure 
the operational characteristics of a tunnel 
domain. There is a 1-1 correspondence between 
conceptual rows of this table and conceptual 
rows of the 12tpDomainStatsTable." 

::= { 12tpObjects 2 } 


12tpDomainConfigEntry OBJECT-TYPE 


SYNTAX L2tpDomainConfigEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"An L2TP Domain configuration entry. An entry in this 
table may correspond to a single endpoint or a group 
of tunnel endpoints." 

INDEX { 12tpDomainConfigId } 
::= { 12tpDomainConfigTable 1 } 


L2tpDomainConfigEntry ::= 
SEQUENCE { 
12tpDomainConfigId 
SnmpAdminString, 
12tpDomainConfigAdminState 
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INTEGER, 
12tpDomainConfigDrainTunnels 
TruthValue, 
12tpDomainConfigAuth 
INTEGER, 
12tpDomainConfigSecret 
SnmpAdminString, 
12tpDomainConfigTunnelSecurity 
INTEGER, 
12tpDomainConfigTunnelHelloInt 
Integer32, 
12tpDomainConfigTunnelIdleTO 
Integer32, 
12tpDomainConfigControlRWS 
Integer32, 
12tpDomainConfigControlMaxRetx 
Integer32, 
12tpDomainConfigControlMaxRetxTO 
Integer32, 
12tpDomainConfigPayloadSeq 
INTEGER, 
12tpDomainConfigReassemblyTO 
L2tpMilliSeconds, 
12tpDomainConfigProxyPPPAuth 
TruthValue, 
12tpDomainConfigStorageType 
StorageType, 
12tpDomainConfigStatus 

RowStatus 


} 


12tpDomainConfigId OBJECT-TYPE 


SYNTAX SnmpAdminString (SIZE (1..80)) 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"The identifier, usually in the form of a Domain 
Name (full or partial), describing a single tunnel 
endpoint or a domain of tunnel endpoints. This is 
typically used as a ‘handle’ to identify the 

tunnel configuration requirements for both incoming 
and outgoing tunnel connection attempts. Both the 
LAC and LNS could use information provided in the 
Host Name AVP attribute however the tunnel initiator 
could use other means not specified to identify 

the domain’s tunnel configuration requirements. 

For example; three rows in this table have 
12tpDomainConfigId values of ’lacl.isp.com’, 
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”isp.com” and ’com’. A tunnel endpoint then identifies 
itself as ”lacl.isp.com” which would match the 
‘lacl.isp.com’ entry in this table. A second tunnel 
endpoint then identifies itself as ’lac2.isp.com’. 
This endpoint is then associated with the ’isp.com’ 
entry of this table." 

:= { 12tpDomainConfigEntry I } 


12tpDomainConfigAdminState OBJECT-TYPE 
SYNTAX INTEGER { 
enabled(1), 
disabled(2) 
) 


MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"This object defines the administrative state of this 
tunnel domain. Setting this object to disabled(2) 
causes all tunnels to be immediately disconnected 
and no further tunnels to be either initiated or 
accepted. Note that all columnar objects corresponding 
to this conceptual row cannot be modified when 
the administrative state is enabled EXCEPT those 
objects which specifically state otherwise." 

DEFVAL { enabled } 
::= ( 12tpDomainConfigEntry 2 } 


12tpDomainConfigDrainTunnels OBJECT-TYPE 


SYNTAX TruthValue 
MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"Setting this object to ’true’ will prevent any new 
tunnels and/or sessions from being either initiated 
or accepted but does NOT disconnect any active 
tunnels/sessions for this tunnel domain. Setting 
this object to true(l) causes all tunnels within 
this domain to transition to the draining state. 
Note that when this occurs the 
12tpTunnelStatsDrainingTunnel status objects of 
all of this domain’s tunnels should reflect that 
they are ”draining”. Setting this object has no 
effect on this domain’s associated tunnels 
12tpTunnelConfigDrainTunnel configuration objects. 
To cancel a drain this object should be set to 
false(2). Setting this object to false(2) when 
the L2TP object 12tpDrainTunnels is true(l) has 
no affect, all domains and their tunnels will 


Caves, et. al. Standards Track [Page 17] 


RFC 3371 L2TP Management Information Base August 2002 


continue to drain." 
DEFVAL { false } 
::= ( 12tpDomainConfigEntry 3 } 


12tpDomainConfigAuth OBJECT-TYPE 
SYNTAX INTEGER { 
none(1), 
simple(2), 
challenge (3) 
) 


MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"This object describes how tunnel peers belonging 
to this domain are to be authenticated. The value 
simple(2) indicates that peers are authenticated 
simply by their host name as described in the Host 
Name AVP. The value challenge(3) indicates that 
all peers are challenged to prove their identification. 
This mechanism is described in the L2TP protocol." 
REFERENCE "RFC 2661 Section 5.1" 
DEFVAL ( none ) 
::= ( 12tpDomainConfigEntry 4 } 


12tpDomainConfigSecret OBJECT-TYPE 


SYNTAX SnmpAdminString (SIZE (0..255)) 
MAX-ACCESS read-create 

STATUS current 

DESCRIPTION 


"This object is used to configure the shared secret 

used during the tunnel authentication phase of 

tunnel establishment. This object MUST be accessible 

only via requests using both authentication and 

privacy. The agent MUST report an empty string in 

response to get, get-next and get-bulk requests." 
::= { 12tpDomainConfigEntry 5 } 


12tpDomainConfigTunnelSecurity OBJECT-TYPE 


SYNTAX INTEGER { 
none(1), 
other (2), 
ipSec (3) 

} 

MAX-ACCESS read-create 

STATUS current 

DESCRIPTION 


"This object defines whether this tunnel domain 
requires that all tunnels are to be secured. The 
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value of ipsec(3) indicates that all tunnel packets, 
control and session, have IP Security headers. The 
type of IP Security headers (AH, ESP etc) and how 
they are further described is outside the scope of 
this document." 
DEFVAL { none } 
:= { 12tpDomainConfigEntry 6 } 


12tpDomainConfigTunnelHelloInt OBJECT-TYPE 


SYNTAX Integer32 (0..3600) 
UNITS "seconds" 
MAX-ACCESS read-create 

STATUS current 
DESCRIPTION 


"This object defines the interval in which Hello 
(or keep-alive) packets are to be sent by local 
peers belonging to this tunnel domain. The value 
zero effectively disables the sending of Hello 
packets. This object may be modified when the 
administrative state is enabled for this conceptual 
row." 

DEFVAL { 60 } 

::= { 12tpDomainConfigEntry 7 } 


12tpDomainConfigTunnelIdleTO OBJECT-TYPE 


SYNTAX Integer32 (-1..86400) 
UNITS "seconds" 

MAX-ACCESS read-create 

STATUS current 

DESCRIPTION 


"This object defines the period of time that an 
established tunnel belonging to this tunnel 
domain with no active sessions will wait before 
disconnecting the tunnel. A value of zero indicates 
that the tunnel will disconnect immediately after the 
last session disconnects. A value of -1 leaves the 
tunnel up indefinitely. This object may be modified 
when the administrative state is enabled for this 
conceptual row." 

DEFVAL { 0 } 

::= { 12tpDomainConfigEntry 8 } 


12tpDomainConfigControlRWS OBJECT-TYPE 


SYNTAX Integer32 (1..65535) 
MAX-ACCESS read-create 

STATUS current 

DESCRIPTION 


"This object defines the control channel receive 
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window size for tunnels belonging to this domain. It 
specifies the maximum number of packets the tunnel 
peer belonging to this domain can send without waiting 
for an acknowledgement from this peer." 

DEFVAL { 4 } 

::= { 12tpDomainConfigEntry 9 } 


12tpDomainConfigControlMaxRetx OBJECT-TYPE 


SYNTAX Integer32 (0..32) 
MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"This object defines the maximum number of retransmissions 
which the L2TP stack will attempt for tunnels belonging 
to this domain before assuming that the peer is no 
longer responding." 

DEFVAL { 5 } 

::= { 12tpDomainConfigEntry 10 } 


12tpDomainConfigControlMaxRetxTO OBJECT-TYPE 


SYNTAX Integer32 (1..32) 
UNITS "seconds" 
MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"This object defines the maximum retransmission timeout 
interval which the L2TP stack will wait for tunnels 
belonging to this domain before retransmitting a 
control packet that has not been acknowledged." 

DEFVAL { 16 } 
::= { 12tpDomainConfigEntry 11 } 


12tpDomainConfigPayloadSeq OBJECT-TYPE 
SYNTAX INTEGER { 
onDemand (1), 
never (2), 


always (3) 
} 
MAX-ACCESS read-create 
STATUS current 


DESCRIPTION 

"This object determines whether or not session payload 
packets will be requested to be sent with sequence 
numbers from tunnel peers belonging to this domain. 
The value onDemand(1) allows the L2TP implementation 
to initiate payload sequencing when necessary based 

on local information (e.g: during LCP/NCP negotiations 
or for CCP). The value never(2) indicates that L2TP 
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will never initiate sequencing but will do sequencing 
if asked. The value always(3) indicates that L2TP 
will send the Sequencing Required AVP during session 
establishment." 

DEFVAL { onDemand } 

::= { 12tpDomainConfigEntry 12 } 


12tpDomainConfigReassemblyTO OBJECT-TYPE 


SYNTAX L2tpMilliSeconds 
MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"This object defines the number of milliseconds that 
local peers of this tunnel domain will wait before 
processing payload packets that were received out of 
sequence (which are waiting for the packet(s) to put 
them in sequence). A low value increases the chance 
of delayed packets to be discarded (which MAY cause 
the PPP decompression engine to reset) while a high 
value may cause more queuing and possibly degrade 
throughput if packets are truly lost. The default 
value for this object is zero which will result in 
all delayed packets being lost." 

DEFVAL { 0 } 
::= { 12tpDomainConfigEntry 13 } 


12tpDomainConfigProxyPPPAuth OBJECT-TYPE 


SYNTAX TruthValue 
MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"This object is used to configure the sending 
or acceptance of the PPP Proxy Authentication 
AVP’s on the LAC or LNS." 

DEFVAL { true } 
::= { 12tpDomainConfigEntry 14 } 


12tpDomainConfigStorageType OBJECT-TYPE 


SYNTAX StorageType 
MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"The storage type for this conceptual row. 


Conceptual rows having the value ”permanent” must 
allow write-access at a minimum to: 


- 12tpDomainConfigAdminState and 
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12tpDomainConfigDrainTunnels at all times 
- 12tpDomainConfigSecret if 12tpDomainConfigAuth 
has been configured as ’challenge’ 


It is an implementation issue to decide if a SET for 

a readOnly or permanent row is accepted at all. In some 

contexts this may make sense, in others it may not. If 

a SET for a readOnly or permanent row is not accepted 

at all, then a ’wrongValue’ error must be returned." 
::= { 12tpDomainConfigEntry 15 ) 


12tpDomainConfigStatus OBJECT-TYPE 


SYNTAX RowStatus 
MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"The status of this Domain entry. Columnar objects 
corresponding to this conceptual row may be modified 
according to their description clauses when this 
RowStatus object is ’active’." 

::= { 12tpDomainConfigEntry 16 } 


== The L2TP Domain Status and Statistics Table 


12tpDomainStatsTable OBJECT-TYPE 
SYNTAX SEQUENCE OF L2tpDomainStatsEntry 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"The L2TP Domain Status and Statistics table. This 
table contains objects that can be used to describe 
the current status and statistics of a tunnel domain. 
There is a 1-1 correspondence between conceptual 
rows of this table and conceptual rows of the 
12tpDomainConfigTable." 

::= { 12tpObjects 3 } 


12tpDomainStatsEntry OBJECT-TYPE 
SYNTAX L2tpDomainStatsEntry 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"An L2TP Domain Stats entry. An entry in this table 
may correspond to a single endpoint or a group of 
tunnel endpoints." 

AUGMENTS { 12tpDomainConfigEntry } 
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::= { 12tpDomainStatsTable 1 } 


L2tpDomainStatsEntry ::= 
SEQUENCE { 
12tpDomainStatsTotalTunnels 

Counter32, 
12tpDomainStatsFailedTunnels 
Counter32, 
12tpDomainStatsFailedAuths 
Counter32, 
12tpDomainStatsActiveTunnels 
Gauge32, 
12tpDomainStatsTotalSessions 
Counter32, 
12tpDomainStatsFailedSessions 
Counter32, 
12tpDomainStatsActiveSessions 
Gauge32, 
12tpDomainStatsDrainingTunnels 
TruthValue, 
12tpDomainStatsControlRxOctets 
Counter32, 
12tpDomainStatsControlRxPkts 
Counter32, 
12tpDomainStatsControlTxOctets 
Counter32, 
12tpDomainStatsControlTxPkts 
Counter32, 
12tpDomainStatsPayloadRxOctets 
Counter32, 
12tpDomainStatsPayloadRxPkts 
Counter32, 
12tpDomainStatsPayloadRxDiscs 
Counter32, 
12tpDomainStatsPayloadTxOctets 
Counter32, 
12tpDomainStatsPayloadTxPkts 
Counter32, 
12tpDomainStatsControlHCRxOctets 
Counter64, 
12tpDomainStatsControlHCRxPkts 
Counter64, 
12tpDomainStatsControlHCTxOctets 
Counter64, 
12tpDomainStatsControlHCTxPkts 
Counter64, 
12tpDomainStatsPayloadHCRxOctets 

Counter64, 
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12tpDomainStatsPayloadHCRxPkts 
Counter64, 

12tpDomainStatsPayloadHCRxDiscs 
Counter64, 

12tpDomainStatsPayloadHCTxOctets 
Counter64, 

12tpDomainStatsPayloadHCTxPkts 
Counter64 


} 


12tpDomainStatsTotalTunnels OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object returns the total number of tunnels 
that have successfully reached the established 
state for this tunnel domain." 

::= { 12tpDomainStatsEntry 1 } 


12tpDomainStatsFailedTunnels OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object returns the number of tunnels that 
failed (eg: connection timeout, unsupported 
or malformed AVP’s etc) to reach the established 
state for this tunnel domain." 

:= { 12tpDomainStatsEntry 2 } 


12tpDomainStatsFailedAuths OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object returns the number of failed tunnel 
connection attempts for this domain because the 
tunnel peer failed authentication." 

::= { 12tpDomainStatsEntry 3 } 


12tpDomainStatsActiveTunnels OBJECT-TYPE 


Caves, 


et. 


SYNTAX Gauge32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object returns the number of tunnels that 
are currently active for this domain." 


al. Standards Track 


[Page 24] 


RFC 3371 L2TP Management Information Base August 2002 


::= { 12tpDomainStatsEntry 4 } 


12tpDomainStatsTotalSessions OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object returns the total number of sessions 
that have successfully reached the established 
state for this tunnel domain." 

::= { 12tpDomainStatsEntry 5 } 


12tpDomainStatsFailedSessions OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object returns the number of sessions that 
failed (eg: connection timeout, unsupported 
or malformed AVP’s etc) to reach the established 
state for this tunnel domain." 

:= { 12tpDomainStatsEntry 6 } 


12tpDomainStatsActiveSessions OBJECT-TYPE 


SYNTAX Gauge32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object returns the number of sessions that 
are currently active for this domain." 
::= { 12tpDomainStatsEntry 7 } 


12tpDomainStatsDrainingTunnels OBJECT-TYPE 


SYNTAX TruthValue 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object indicates if this domain is draining 
off sessions from all tunnels." 
::= { 12tpDomainStatsEntry 8 } 


12tpDomainStatsControlRxOctets OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object returns the number of control channel 
octets received for this tunnel domain." 
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::= { 12tpDomainStatsEntry 9 } 


12tpDomainStatsControlRxPkts OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object returns the number of control packets 
received for this tunnel domain." 
::= { 12tpDomainStatsEntry 10 } 


12tpDomainStatsControlTxOctets OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object returns the number of control channel 
octets that were transmitted to tunnel endpoints 
for this domain." 

::= { 12tpDomainStatsEntry 11 } 


12tpDomainStatsControlTxPkts OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object returns the number of control packets 
that were transmitted to tunnel endpoints for 
this domain." 

:= { 12tpDomainStatsEntry 12 } 


12tpDomainStatsPayloadRxOctets OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object returns the number of payload channel 
octets that were received for this tunnel domain." 
::= { 12tpDomainStatsEntry 13 } 


12tpDomainStatsPayloadRxPkts OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object returns the number of payload packets 
that were received for this tunnel domain." 
::= { 12tpDomainStatsEntry 14 } 
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12tpDomainStatsPayloadRxDiscs OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object returns the number of received payload 
packets that were discarded by this tunnel domain." 
:= { 12tpDomainStatsEntry 15 } 


12tpDomainStatsPayloadTxOctets OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object returns the number of payload channel 
octets that were transmitted to tunnel peers 
within this tunnel domain." 

::= { 12tpDomainStatsEntry 16 } 


12tpDomainStatsPayloadTxPkts OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object returns the number of payload packets 
that were transmitted to tunnel peers within 
this tunnel domain." 

::= { 12tpDomainStatsEntry 17 } 


-- High Capacity Counter objects. These objects are all 
-- 64 bit versions of the above 32-bit counters. These 
-- objects all have the same basic semantics as their 

-- 32-bit counterparts, however, their syntax has been 
-- extended to 64 bits. 


12tpDomainStatsControlHCRxOctets OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object is a 64-bit version of 
12tpDomainStatsControlRxOctets." 
:= { 12tpDomainStatsEntry 18 } 


12tpDomainStatsControlHCRxPkts OBJECT-TYPE 
SYNTAX Counter64 
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STATUS current 
DESCRIPTION 


"This object is a 64-bit version of 
12tpDomainStatsControlRxPkts." 
::= { 12tpDomainStatsEntry 19 } 


12tpDomainStatsControlHCTxOctets OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object is a 64-bit version of 
12tpDomainStatsControlTxOctets." 
:= { 12tpDomainStatsEntry 20 } 


12tpDomainStatsControlHCTxPkts OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object is a 64-bit version of 
12tpDomainStatsControlTxPkts." 
::= { 12tpDomainStatsEntry 21 } 


12tpDomainStatsPayloadHCRxOctets OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object is a 64-bit version of 
12tpDomainStatsPayloadRxOctets." 
::= { 12tpDomainStatsEntry 22 } 


12tpDomainStatsPayloadHCRxPkts OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object is a 64-bit version of 
12tpDomainStatsPayloadRxPkts." 
::= { 12tpDomainStatsEntry 23 } 


12tpDomainStatsPayloadHCRxDiscs OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 
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"This object is a 64-bit version of 
12tpDomainStatsPayloadRxDiscs." 
::= { 12tpDomainStatsEntry 24 } 


12tpDomainStatsPayloadHCTxOctets OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object is a 64-bit version of 
12tpDomainStatsPayloadTxOctets." 
::= { 12tpDomainStatsEntry 25 } 


12tpDomainStatsPayloadHCTxPkts OBJECT-TYPE 


SYNTAX Counter64 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object is a 64-bit version of 
12tpDomainStatsPayloadTxPkts." 
::= { 12tpDomainStatsEntry 26 } 


The L2TP Tunnel Configuration Table 


12tpTunnelConfigTable OBJECT-TYPE 


SYNTAX SEQUENCE OF L2tpTunnelConfigEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"The L2TP tunnel configuration table. This 
table contains objects that can be used to 
(re) configure the operational characteristics 
of a single L2TP tunnel. There is a 1-1 
correspondence between conceptual rows of 
this table and conceptual rows of the 
12tpTunnelStatsTable. Entries in this table 
have the same persistency characteristics as 
that of the tunnelConfigTable." 

REFERENCE "RFC 2667" 
::= { 12tpObjects 4 } 


12tpTunnelConfigEntry OBJECT-TYPE 
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SYNTAX L2tpTunnelConfigEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 
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"A L2TP tunnel interface configuration entry. 
Entries in this table come and go as a result 
of protocol interactions or on management 
operations. The latter occurs when a row is 
instantiated in the tunnelConfigTable row 
and the encapsulation method is ’12tp’." 

REFERENCE "RFC 2667" 
INDEX { 12tpTunnelConfigIfIndex } 
::= { 12tpTunnelConfigTable 1 } 


L2tpTunnelConfigEntry ::= 
SEQUENCE { 
12tpTunnelConfigIfIndex 
InterfaceIndex, 
12tpTunnelConfigDomainId 
SnmpAdminString, 
12tpTunnelConfigAuth 
INTEGER, 
12tpTunnelConfigSecret 
SnmpAdminString, 
12tpTunnelConfigSecurity 
INTEGER, 
12tpTunnelConfigHelloInterval 
Integer32, 
12tpTunnelConfigIdleTimeout 
Integer32, 
12tpTunnelConfigControlRWs 
Integer32, 
12tpTunnelConfigControlMaxRetx 
Integer32, 
12tpTunnelConfigControlMaxRetxTO 
Integer32, 
12tpTunnelConfigPayloadSeq 
INTEGER, 
12tpTunnelConfigReassemblyTO 
L2tpMilliSeconds, 
12tpTunnelConfigTransport 
INTEGER, 
12tpTunnelConfigDrainTunnel 
TruthValue, 
12tpTunnelConfigProxyPPPAuth 
TruthValue 
} 


12tpTunnelConfigIfIndex OBJECT-TYPE 


SYNTAX InterfaceIndex 
MAX-ACCESS not-accessible 
STATUS current 
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DESCRIPTION 
"This value for this object is equal to the value 
of ifIndex of the Interfaces MIB for tunnel 
interfaces of type L2TP." 

::= { 12tpTunnelConfigEntry I } 


12tpTunnelConfigDomainId OBJECT-TYPE 


SYNTAX SnmpAdminString (SIZE (1..80)) 
MAX-ACCESS read-write 

STATUS current 

DESCRIPTION 


"The tunnel domain that this tunnel belongs 
to. A LNS tunnel endpoint will typically inherit 
this value from the endpoint domain table. A 
LAC may be provided with this information during 
tunnel setup. When a zero length string is returned 
this tunnel does not belong belong to any particular 
domain." 

::= { 12tpTunnelConfigEntry 2 } 


12tpTunnelConfigAuth OBJECT-TYPE 
SYNTAX INTEGER { 
none(1), 
simple(2), 
challenge (3) 
} 


MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"This object describes how L2TP tunnel peers are 
to be authenticated. The value ”simple” indicates 
that peers are authenticated simply by their host 
name as described in the Host Name AVP. The value 
‘challenge’ indicates that all peers are challenged 
to prove their identification. This mechanism is 
described in the L2TP protocol. This object cannot 
be modified when the tunnel is in a connecting or 
connected state." 

DEFVAL { none } 

::= { 12tpTunnelConfigEntry 3 } 


12tpTunnelConfigSecret OBJECT-TYPE 


SYNTAX SnmpAdminString (SIZE (0..255)) 
MAX-ACCESS read-write 

STATUS current 

DESCRIPTION 


"This object is used to configure the shared secret 
used during the tunnel authentication phase of 
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tunnel establishment. This object cannot be modified 
when the tunnel is in a connecting or connected 
state. This object MUST be accessible only via 
requests using both authentication and privacy. 
The agent MUST report an empty string in response 
to get, get-next and get-bulk requests." 

:= { 12tpTunnelConfigEntry 4 } 


12tpTunnelConfigSecurity OBJECT-TYPE 


SYNTAX INTEGER { 
none(1), 
other(2), 
ipsec(3) 

) 

MAX-ACCESS read-write 

STATUS current 

DESCRIPTION 


"This object defines whether this tunnel is to be 
secured. The value of ”ipSec' indicates that all 
tunnel packets, control and session, have IP 
Security headers. The type of IP Security headers 
(AH, ESP etc) and how they are further described 
is outside the scope of this document. This object 
cannot be modified when the tunnel is in a connecting 
or connected state." 

DEFVAL { none } 
::= ( 12tpTunnelConfigEntry 5 } 


12tpTunnelConfigHelloInterval OBJECT-TYPE 


SYNTAX Integer32 (0..3600) 
UNITS "seconds" 
MAX-ACCESS read-write 

STATUS current 

DESCRIPTION 


"This object defines the interval in which Hello 
(or keep-alive) packets are to be sent to the 
tunnel peer. The value zero effectively disables 
the sending of Hello packets. Modifications to this 
object have immediate effect." 
DEFVAL { 60 } 
::= { 12tpTunnelConfigEntry 6 } 


12tpTunnelConfigIdleTimeout OBJECT-TYPE 


SYNTAX Integer32 (-1..86400) 
UNITS "seconds" 

MAX-ACCESS read-write 

STATUS current 

DESCRIPTION 
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"This object defines the period of time that an 
established tunnel with no sessions will wait 
before disconnecting the tunnel. A value of 
zero indicates that the tunnel will disconnect 
immediately after the last session disconnects. 
A value of -1 leaves the tunnel up indefinitely. 
Modifications to this object have immediate 
effect." 

DEFVAL { 0 } 
::= { 12tpTunnelConfigEntry 7 } 


12tpTunnelConfigControlRWS OBJECT-TYPE 


SYNTAX Integer32 (1..65535) 
MAX-ACCESS read-write 

STATUS current 

DESCRIPTION 


"This object defines the control channel receive 
window size. It specifies the maximum number of 
packets the tunnel peer can send without waiting 
for an acknowledgement from this peer. This object 
cannot be modified when the tunnel is in a con- 
necting or connected state." 

DEFVAL { 4 } 
::= { 12tpTunnelConfigEntry 8 } 


12tpTunnelConfigControlMaxRetx OBJECT-TYPE 


SYNTAX Integer32 (0..32) 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"This object defines the number of retransmissions 
which the tunnel will attempt before assuming that 
the peer is no longer responding. A value of zero 
indicates that this peer will not attempt to 
retransmit an unacknowledged control packet. 
Modifications to this object have immediate 
effect.” 

DEFVAL { 5 } 
::= { 12tpTunnelConfigEntry 9 } 


12tpTunnelConfigControlMaxRetxTO OBJECT-TYPE 


SYNTAX Integer32 (1..32) 
UNITS "seconds" 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"This object defines the maximum retransmission timeout 
interval which the tunnel will wait before retrans- 
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mitting a control packet that has not been acknowledged. 
Modifications to this object have immediate effect." 
DEFVAL { 16 } 
::= { 12tpTunnelConfigEntry 10 ) 


12tpTunnelConfigPayloadSeq OBJECT-TYPE 
SYNTAX INTEGER { 
onDemand (1), 
never (2), 


always (3) 
} 
MAX-ACCESS read-write 
STATUS current 


DESCRIPTION 
"This object determines whether or not session payload 
packets will be requested to be sent with sequence 
numbers from tunnel peers belonging to this domain. 
The value onDemand(1) allows the L2TP implementation 
to initiate payload sequencing when necessary based 
on local information (e.g: during LCP/NCP negotiations 
or for CCP). The value never(2) indicates that L2TP 
will never initiate sequencing but will do sequencing 
if asked. The value always(3) indicates that L2TP 
will send the Sequencing Required AVP during session 
establishment. Modifications to this object have 
immediate effect." 

DEFVAL { onDemand } 

::= { 12tpTunnelConfigEntry 11 } 


12tpTunnelConfigReassemblyTO OBJECT-TYPE 


SYNTAX L2tpMilliSeconds 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"This object defines the number of milliseconds that 
this tunnel will wait before processing payload packets 
that were received out of sequence (which are waiting 
for the packet(s) to put them in sequence). A low value 
increases the chance of delayed packets to be discarded 
(which MAY cause the PPP decompression engine to 
reset) while a high value may cause more queuing and 
possibly degrade throughput if packets are truly lost. 
The default value for this object is zero which will 
result in all delayed packets being lost. Modifications 
to this object have immediate effect." 

DEFVAL { 0 } 
::= { 12tpTunnelConfigEntry 12 } 


Caves, et. al. Standards Track [Page 34] 


RFC 3371 


L2TP Management Information Base August 2002 


12tpTunnelConfigTransport OBJECT-TYPE 


SYNTAX INTEGER { 
other (1), 
none (2), 
udpIp (3), 
frameRelay (4), 
atm (5) 
} 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"This object defines the underlying transport media 
that is in use for this tunnel entry. Different tunnel 
transports may define MIB extensions to the L2TP tunnel 
table to realize the transport layer. For example if the 
value of this object is ”udpIp' then the value of ifIndex 
for this table may be used to determine state from the 
12tpUdpStatsTable. This object cannot be modified when 
the tunnel is in a connecting or connected state." 

::= ( 12tpTunnelConfigEntry 13 } 


12tpTunnelConfigDrainTunnel OBJECT-TYPE 


SYNTAX TruthValue 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"Setting this object to ’true’ will prevent any new 
session from being either initiated or accepted but 
does NOT disconnect any active sessions for this 
tunnel. Note that when this occurs the 
12tpTunnelStatsDrainingTunnel status object of 
this tunnel should reflect that it is ”draining”. 
To cancel a drain this object should be set to 
false(2). Setting this object to false(2) when 
the L2TP objects 12tpDrainTunnels or 
12tpDomainConfigDrainTunnels is true(1) has 
no affect, this tunnels will continue to drain." 

DEFVAL { false } 
::= { 12tpTunnelConfigEntry 14 } 


12tpTunnelConfigProxyPPPAuth OBJECT-TYPE 


Caves, 
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SYNTAX TruthValue 
MAX-ACCESS read-write 
STATUS current 
DESCRIPTION 


"This object is used to configure the sending 
or acceptance of the session PPP Proxy 
Authentication AVP’s on the LAC or LNS." 
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DEFVAL { true } 


::= { 12tpTunnelConfigEntry 15 } 


EE The L2TP Tunnel Status and 


Statisticss Table 


12tpTunnelStatsTable OBJECT-TYPE 
SYNTAX SEQUENCE OF L2tpTunnelStatsEntry 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"The L2TP tunnel status 
table contains objects 
the current status and 
tunnel. There is a 1-1 


and statistics table. This 
that can be used to describe 
statistics of a single L2TP 
correspondence between 


conceptual rows of this table and conceptual rows of 
the 12tpTunnelConfigTable." 


::= { 12tpObjects 5 } 


12tpTunnelStatsEntry OBJECT-TYPE 
SYNTAX L2tpTunnelStatsEntry 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"An L2TP tunnel interface stats entry." 
AUGMENTS { 12tpTunnelConfigEntry } 


:= { 12tpTunnelStatsTable 


L2tpTunnelStatsEntry ::= 
SEQUENCE { 


12tpTunnelStatsLocalTID 


Integer32, 


1) 


12tpTunnelStatsRemoteTID 


Integer32, 
12tpTunnelStatsState 
INTEGER, 


12tpTunnelStatsInitiated 


INTEGER, 


12tpTunnelStatsRemoteHostName 


SnmpAdminString, 


12tpTunnelStatsRemoteVendorName 


SnmpAdminString, 


12tpTunnelStatsRemoteFirmwareRev 


Integer32, 


12tpTunnelStatsRemoteProtocolVer 


OCTET STRING, 
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12tpTunnelStatsInitialRemoteRWS 
Integer32, 
12tpTunnelStatsBearerCaps 
INTEGER, 
12tpTunnelStatsFramingCaps 
INTEGER, 
12tpTunnelStatsControlRxPkts 
Counter32, 
12tpTunnelStatsControlRxZLB 
Counter32, 
12tpTunnelStatsControloutOoOfSeq 
Counter32, 
12tpTunnelStatsControloOutOfWin 
Counter32, 
12tpTunnelStatsControlTxPkts 
Counter32, 
12tpTunnelStatsControlTxZLB 
Counter32, 
12tpTunnelStatsControlAckTO 
Counter32, 
12tpTunnelStatsCurrentRemoteRWS 
Gauge32, 
12tpTunnelStatsTxSeq 
Integer32, 
12tpTunnelStatsTxSeqAck 
Integer32, 
12tpTunnelStatsRxSeq 
Integer32, 
12tpTunnelStatsRxSeqAck 
Integer32, 
12tpTunnelStatsTotalSessions 
Counter32, 
12tpTunnelStatsFailedSessions 
Counter32, 
12tpTunnelStatsActiveSessions 
Gauge32, 
12tpTunnelStatsLastResultCode 
Integer32, 
12tpTunnelStatsLastErrorCode 
Integer32, 
12tpTunnelStatsLastErrorMessage 
SnmpAdminString, 
12tpTunnelStatsDrainingTunnel 
TruthValue 
) 


12tpTunnelStatsLocalTID OBJECT-TYPE 
SYNTAX Integer32 (0..65535) 
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MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object contains the local tunnel Identifier." 
REFERENCE "RFC 2661, Section 3.1" 
::= { 12tpTunnelStatsEntry 1 } 


12tpTunnelStatsRemoteTID OBJECT-TYPE 


SYNTAX Integer32 (0..65535) 
MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 


"This object contains the remote tunnel Identifier." 
REFERENCE "RFC 2661, Section 3.1" 
:= { 12tpTunnelStatsEntry 2 } 


12tpTunnelStatsState OBJECT-TYPE 
SYNTAX INTEGER { 
tunnelIdle(l), 
tunnelConnecting(2), 
tunnelEstablished(3), 
tunnelDisconnecting(4) 


} 


MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This field contains the current state of the 
control tunnel." 
:= { 12tpTunnelStatsEntry 3 } 


12tpTunnelStatsInitiated OBJECT-TYPE 
SYNTAX INTEGER { 
locally(1), 
remotely (2) 
} 


MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object indicates whether the tunnel was 
initiated locally or by the remote tunnel peer." 
::= { 12tpTunnelStatsEntry 4 } 


12tpTunnelStatsRemoteHostName OBJECT-TYPE 


SYNTAX SnmpAdminString 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object contains the host name as discovered 
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during the tunnel establishment phase (via the Host 
Name AVP) of the L2TP peer. If the tunnel is idle 
this object should maintain its value from the last 
time it was connected." 

::= { 12tpTunnelStatsEntry 5 } 


12tpTunnelStatsRemoteVendorName OBJECT-TYPE 


SYNTAX SnmpAdminString 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object identifies the vendor name of the peer’s 
L2TP implementation. If the tunnel is idle this 
object should maintain its value from the last time 
it was connected." 

::= { 12tpTunnelStatsEntry 6 } 


12tpTunnelStatsRemoteFirmwareRev OBJECT-TYPE 


SYNTAX Integer32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object contains the tunnel peer’s firmware 
revision number. If the tunnel is idle this object 
should maintain its value from the last time it 
was connected." 

::= { 12tpTunnelStatsEntry 7 } 


12tpTunnelStatsRemoteProtocolVer OBJECT-TYPE 


SYNTAX OCTET STRING (SIZE(2) ) 
MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 


"This object describes the protocol version and 
revision of the tunnel peers implementation. The 
first octet contains the protocol version. The 
second octet contains the protocol revision." 

::= { 12tpTunnelStatsEntry 8 } 


12tpTunnelStatsInitialRemoteRWS OBJECT-TYPE 


SYNTAX Integer32 (0..65535) 
MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 


"This object contains the initial remote peer’s 
receive window size as indicated by the tunnel peer 
(in the RWS AVP) during the tunnel establishment 
phase. If the tunnel is idle this object should 
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maintain its value from the last time it was 
connected." 
::= { 12tpTunnelStatsEntry 9 } 


12tpTunnelStatsBearerCaps OBJECT-TYPE 
SYNTAX INTEGER { 
none(1), 
digital(2), 
analog(3), 
digitalAnalog(4) 
) 


MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object describes the Bearer Capabilities of 
the tunnel peer. If the tunnel is idle this object 
should maintain its value from the last time it was 
connected." 

::= ( 12tpTunnelStatsEntry 10 } 


12tpTunnelStatsFramingCaps OBJECT-TYPE 
SYNTAX INTEGER { 
none(1), 
sync(2), 
async(3), 
syncAsync (4) 
} 


MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object describes the Framing Capabilities of 
the tunnel peer. If the tunnel is idle this object 
should maintain its value from the last time it was 
connected." 

::= { 12tpTunnelStatsEntry 11 } 


12tpTunnelStatsControlRxPkts OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object contains the number of control packets 
received on the tunnel." 
:= { 12tpTunnelStatsEntry 12 } 


12tpTunnelStatsControlRxZLB OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
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STATUS current 

DESCRIPTION 
"This object returns a count of the number of Zero 
Length Body control packet acknowledgement packets 
that were received." 

::= { 12tpTunnelStatsEntry 13 } 


12tpTunnelStatsControlOutOfSeq OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object returns a count of the number of 
control packets that were not received in the 
correct order (as per the sequence number) 
on this tunnel including out of window 
packets." 

::= { 12tpTunnelStatsEntry 14 } 


12tpTunnelStatsControlOutOfWin OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object contains the number of control 
packets that were received outside of the 
offered receive window. It is implementation 
specific as to whether these packets are queued 
or discarded." 

:= { 12tpTunnelStatsEntry 15 } 


12tpTunnelStatsControlTxPkts OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object contains the number of control 
packets that were transmitted to the tunnel 
peer." 

::= { 12tpTunnelStatsEntry 16 } 


12tpTunnelStatsControlTxZLB OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object contains the number of Zero Length 
Body control packets transmitted to the tunnel 
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peer." 
{ 12tpTunnelStatsEntry 17 } 


12tpTunnelStatsControlAckTO OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object returns a count of the number of 
control packet timeouts due to the lack of a 
timely acknowledgement from the tunnel peer." 
{ 12tpTunnelStatsEntry 18 } 


12tpTunnelStatsCurrentRemoteRWS OBJECT-TYPE 


SYNTAX Gauge32 (0..65535) 
MAX-ACCESS read-only 

STATUS current 
DESCRIPTION 


"This object contains the current remote receive 
window size as determined by the local flow 
control mechanism employed." 

{ 12tpTunnelStatsEntry 19 } 


12tpTunnelStatsTxSeq OBJECT-TYPE 


SYNTAX Integer32 (0..65535) 
MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 


"This object contains the next send sequence number 
for the control channel." 
{ 12tpTunnelStatsEntry 20 } 


12tpTunnelStatsTxSeqAck OBJECT-TYPE 


SYNTAX Integer32 (0..65535) 
MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 


"This object contains the send sequence number that 
the tunnel peer has acknowledged for the control 
channel. The flow control state can be determined 
by subtracting the 12tpTunnelStatsTxSeq from 
12tpTunnelStatsTxSegAck and comparing this value 
to l2tpTunnelStatsCurrentRemoteRWS (taking into 
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consideration sequence number wraps). 
{ l12tpTunnelStatsEntry 21 } 


12tpTunnelStatsRxSeq OBJECT-TYPE 


SYNTAX 
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Integer32 (0..65535) 
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MAX-ACCESS 

STATUS 

DESCRIPTION 
"This object 
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read-only 
current 


contains the next receive sequence 


number expected to be received on this control 


channel." 


:= { 12tpTunnelStatsEntry 22 } 


12tpTunnelStatsRxSeqAck 
SYNTAX 
MAX-ACCESS 
STATUS 
DESCRIPTION 
"This object 
number that 


OBJECT-TYPE 
Integer32 (0..65535) 
read-only 

current 


contains the last receive sequence 
was acknowledged back to the tunnel 
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peer for the control channel." 
::= { 12tpTunnelStatsEntry 23 } 


12tpTunnelStatsTotalSessions OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object contains the total number of sessions 
that this tunnel has successfully connected through 
to its tunnel peer since this tunnel was created." 

::= { 12tpTunnelStatsEntry 24 } 


12tpTunnelStatsFailedSessions OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object contains the total number of sessions 
that were initiated but failed to reach the 
established phase." 

:= { 12tpTunnelStatsEntry 25 } 


12tpTunnelStatsActiveSessions OBJECT-TYPE 


SYNTAX Gauge32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object contains the total number of sessions 
in the established state for this tunnel." 
::= { 12tpTunnelStatsEntry 26 } 


12tpTunnelStatsLastResultCode OBJECT-TYPE 
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SYNTAX Integer32 (0..65535) 
MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 


"This object contains the last value of the result 
code as described in the Result Code AVP which 
caused the tunnel to disconnect." 

:= { 12tpTunnelStatsEntry 27 } 


12tpTunnelStatsLastErrorCode OBJECT-TYPE 


SYNTAX Integer32 (0..65535) 
MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 


"This object contains the last value of the error 
code as described in the Result Code AVP which 
caused the tunnel to disconnect." 

::= { 12tpTunnelStatsEntry 28 } 


12tpTunnelStatsLastErrorMessage OBJECT-TYPE 


SYNTAX SnmpAdminString 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object contains the last value of the optional 
message as described in the Result Code AVP which 
caused the tunnel to disconnect." 

::= { 12tpTunnelStatsEntry 29 } 


12tpTunnelStatsDrainingTunnel OBJECT-TYPE 


SYNTAX TruthValue 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object indicates if this tunnel is draining 
off sessions. This object will return false(2) when 
the tunnel is not draining sessions or after the 
last session has disconnected when the tunnel is in 
the draining state." 

::= { 12tpTunnelStatsEntry 30 } 


== { l2tpObjects 6 } reserved for future use 


=e The L2TP Session Status and Statistics Table 
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12tpSessionStatsTable OBJECT-TYPE 


SYNTAX SEQUENCE OF L2tpSessionStatsEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"The L2TP session status and statistics table. This 
table contains the objects that can be used to 
describe the current status and statistics of a 
single L2TP tunneled session." 

::= { 12tpObjects 7 } 


12tpSessionStatsEntry OBJECT-TYPE 


SYNTAX L2tpSessionStatsEntry 
MAX-ACCESS not-accessible 

STATUS current 

DESCRIPTION 


"An L2TP session interface stats entry." 
INDEX { 12tpSessionStatsTunnelIfIndex, 
l2tpSessionStatsLocalSID } 
::= ( 12tpSessionStatsTable 1 } 


L2tpSessionStatsEntry ::= 
SEQUENCE { 
l2tpSessionStatsTunnelIfIndex 
InterfaceIndex, 
l12tpSessionStatsIfIndex 
InterfaceIndex, 
12tpSessionStatsLocalSID 
Integer32, 
12tpSessionStatsRemoteSID 
Integer32, 
12tpSessionStatsUserName 
SnmpAdminString, 
12tpSessionStatsState 
INTEGER, 
12tpSessionStatsCallType 
INTEGER, 
12tpSessionStatsCallSerialNumber 
Unsigned32, 
12tpSessionStatsTxConnect Speed 
Unsigned32, 
12tpSessionStatsRxConnect Speed 
Unsigned32, 
12tpSessionStatsCallBearerType 
INTEGER, 
12tpSessionStatsFramingType 
INTEGER, 
l2tpSessionStatsPhysChanId 
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Unsigned32, 
12tpSessionStatsDNIS 
SnmpAdminString, 
12tpSessionStatsCLID 
SnmpAdminString, 
12tpSessionStatsSubAddress 
SnmpAdminString, 
l2tpSessionStatsPrivateGroupID 
SnmpAdminString, 
12tpSessionStatsProxyLcp 
TruthValue, 
12tpSessionStatsAuthMethod 
INTEGER, 
12tpSessionStatsSequencingState 
INTEGER, 
12tpSessionStatsOutSequence 
Counter32, 
12tpSessionStatsReassemblyTO 
Counter32, 
12tpSessionStatsTxSeq 
Integer32, 
12tpSessionStatsRxSeq 
Integer32 
} 


12tpSessionStatsTunnellIfIndex OBJECT-TYPE 


SYNTAX InterfaceIndex 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"This object identifies the session’s associated 
L2TP tunnel ifIndex value." 
::= { 12tpSessionStatsEntry I } 


12tpSessionStatsIfIndex OBJECT-TYPE 


SYNTAX InterfaceIndex 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object identifies the ifIndex value of the 
interface from which PPP packets are being tunneled. 
For example this could be a DSO ifIndex ona 
LAC or it would be the PPP ifIndex on the LNS." 

:= { 12tpSessionStatsEntry 2 } 


12tpSessionStatsLocalSID OBJECT-TYPE 


SYNTAX Integer32 (1..65535) 
MAX-ACCESS not-accessible 
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STATUS current 

DESCRIPTION 
"This object contains the local assigned session 
identifier for this session." 

REFERENCE "RFC 2661, Section 3.1" 

::= { 12tpSessionStatsEntry 3 } 


12tpSessionStatsRemoteSID OBJECT-TYPE 


SYNTAX Integer32 (0..65535) 
MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 


"This object contains the remote assigned session 
identifier for this session. When a session is 
starting this value may be zero until the remote 
tunnel endpoint has responded." 

REFERENCE "RFC 2661, Section 3.1" 
::= { 12tpSessionStatsEntry 4 } 


12tpSessionStatsUserName OBJECT-TYPE 


SYNTAX SnmpAdminString 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object identifies the peer session name on 
this interface. This is typically the login name 
of the remote user. If the user name is unknown to 
the local tunnel peer then this object will contain 
a null string." 

:= { 12tpSessionStatsEntry 5 } 


12tpSessionStatsState OBJECT-TYPE 
SYNTAX INTEGER { 
sessionIdle(1l), 
sessionConnecting(2), 
sessionEstablished(3), 
sessionDisconnecting(4) 


} 


MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 
"This object contains the current state of the 
session." 


:= { 12tpSessionStatsEntry 6 } 
12tpSessionStatsCallType OBJECT-TYPE 


SYNTAX INTEGER { 
lacIncoming (1), 
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insIncoming (2), 

lacOutgoing (3), 

InsOutgoing (4) 
} 


MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object indicates the type of call and the 
role this tunnel peer is providing for this 
session. For example, lacIncoming(1) indicates 
that this tunnel peer is acting as a LAC and 
generated a Incoming-Call-Request to the tunnel 
peer (the LNS). Note that tunnel peers can be 
both LAC and LNS simultaneously." 

:= { 12tpSessionStatsEntry 7 } 


12tpSessionStatsCallSerialNumber OBJECT-TYPE 


SYNTAX Unsigned32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object contains the serial number that has 
been assigned to this session." 
::= { 12tpSessionStatsEntry 8 } 


12tpSessionStatsTxConnectSpeed OBJECT-TYPE 


SYNTAX Unsigned32 

UNITS "bits per second" 
MAX-ACCESS read-only 

STATUS current 
DESCRIPTION 


"This object returns the last known transmit 
baud rate for this session." 
::= { 12tpSessionStatsEntry 9 } 


12tpSessionStatsRxConnectSpeed OBJECT-TYPE 


SYNTAX Unsigned32 

UNITS "bits per second" 
MAX-ACCESS read-only 

STATUS current 
DESCRIPTION 


"This object returns the last known receive 
baud rate for this session established." 
:= { 12tpSessionStatsEntry 10 } 


12tpSessionStatsCallBearerType OBJECT-TYPE 


SYNTAX INTEGER { 
none(1), 
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digital (2), 


analog (3) 
} 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 
"This object describes the bearer type of this 
session." 


::= { 12tpSessionStatsEntry 11 } 


12tpSessionStatsFramingType OBJECT-TYPE 


SYNTAX INTEGER { 
none (1), 
sync (2), 
async (3) 
} 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 
"This object describes the framing type of this 
session." 


:= { 12tpSessionStatsEntry 12 } 


12tpSessionStatsPhysChanId OBJECT-TYPE 


SYNTAX Unsigned32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object contains the physical channel 
identifier for the session." 
::= { 12tpSessionStatsEntry 13 } 


12tpSessionStatsDNIS OBJECT-TYPE 
SYNTAX SnmpAdminString 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object identifies the Dialed Number 
Information String that the LAC obtained from 
the network for the session. If no DNIS was 
provided then a null string will be returned." 

::= { 12tpSessionStatsEntry 14 } 


12tpSessionStatsCLID OBJECT-TYPE 
SYNTAX SnmpAdminString 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


Caves, et. al. Standards Track 


[Page 49] 


RFC 3371 


L2TP Management Information Base 


"This object identifies the Calling Line ID 
that the LAC obtained from the network for 
the session. If no CLID was provided then a 
null string will be returned." 

::= { 12tpSessionStatsEntry 15 } 


12tpSessionStatsSubAddress OBJECT-TYPE 


SYNTAX SnmpAdminString 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object identifies the Sub Address that 
the LAC obtained from the network for the 
session. If no Sub Address was provided then 
a null string will be returned." 

::= { 12tpSessionStatsEntry 16 } 


12tpSessionStatsPrivateGroupID OBJECT-TYPE 


SYNTAX SnmpAdminString 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object identifies the Private Group 
Identifier used for this tunneled session. 
If no Private Group Identifier was provided 
then a null string will be returned." 

::= { 12tpSessionStatsEntry 17 } 


12tpSessionStatsProxyLcp OBJECT-TYPE 


SYNTAX TruthValue 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"Indicates whether the LAC performed proxy LCP 
for this session." 
::= { 12tpSessionStatsEntry 18 } 


12tpSessionStatsAuthMethod OBJECT-TYPE 


Caves, 
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SYNTAX INTEGER { 

none(1), 
text (2), 
pppChap (3), 
pppPap (4), 
pppEap (5), 
pppMsChapV1 (6), 
pepMsChapv2 (7), 
other (8) 
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MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object contains the proxy authentication 
method employed by the LAC for the session. If 
l2tpSessionProxyLcp is false(2) this object 
should not be interpreted." 

:= { 12tpSessionStatsEntry 19 } 


12tpSessionStatsSequencingState OBJECT-TYPE 


SYNTAX INTEGER { 
none(1), 
remote(2), 
local(3), 
both (4) 

} 

MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 


"This object defines which tunnel peers have 
requested payload sequencing. The value of 
both(4) indicates that both peers have requested 
payload sequencing." 

::= { 12tpSessionStatsEntry 20 } 


12tpSessionStatsOutSequence OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object returns the total number of packets 
received for this session which were received out 
of sequence." 

::= { 12tpSessionStatsEntry 21 } 


12tpSessionStatsReassemblyTO OBJECT-TYPE 


SYNTAX Counter32 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This object returns the number of reassembly 
timeouts that have occurred for this session." 
::= { 12tpSessionStatsEntry 22 } 


12tpSessionStatsTxSeq OBJECT-TYPE 


SYNTAX Integer32 (0..65535) 
MAX-ACCESS read-only 
STATUS current 
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DESCRIPTION 
"This object contains the next send sequence number 
for for this session." 

::= { 12tpSessionStatsEntry 23 } 


12tpSessionStatsRxSeq OBJECT-TYPE 


SYNTAX Integer32 (0..65535) 
MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 


"This object contains the next receive sequence 
number expected to be received on this session." 
::= { 12tpSessionStatsEntry 24 } 


== The L2TP Tunnel Mapping Table 


12tpTunnelMapTable OBJECT-TYPE 
SYNTAX SEQUENCE OF L2tpTunnelMapEntry 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"The L2TP Tunnel index mapping table. This table 
is intended to assist management applications 
to quickly determine what the ifIndex value is 
for a given local tunnel identifier." 

::= { 12tpObjects 8 } 


12tpTunnelMapEntry OBJECT-TYPE 


SYNTAX L2tpTunnelMapEntry 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"An L2TP tunnel index map entry." 
INDEX { 12tpTunnelMapLocalTID } 
:= { 12tpTunnelMapTable 1 } 


L2tpTunnelMapEntry ::= 
SEQUENCE { 
12tpTunnelMapLocalTID 
Integer32, 
12tpTunnelMapIfIndex 
InterfaceIndex 


} 


12tpTunnelMapLocalTID OBJECT-TYPE 
SYNTAX Integer32 (1..65535) 
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MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"This object contains the local tunnel Identifier." 
REFERENCE "RFC 2661, Section 3.1" 
::= { 12tpTunnelMapEntry 1 } 


12tpTunnelMapIfIndex OBJECT-TYPE 
SYNTAX InterfaceIndex 
MAX-ACCESS read-only 
STATUS current 
DESCRIPTION 


"This value for this object is equal to the value 
of ifIndex of the Interfaces MIB for tunnel 
interfaces of type L2TP." 

::= { 12tpTunnelMapEntry 2 } 


pate The L2TP Session Mapping Table 


12tpSessionMapTable OBJECT-TYPE 
SYNTAX SEQUENCE OF L2tpSessionMapEntry 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"The L2TP Session index mapping table. This table 
is intended to assist management applications 
to map interfaces to a tunnel and session 
identifier." 

::= { 12tpObjects 9 } 


12tpSessionMapEntry OBJECT-TYPE 
SYNTAX L2tpSessionMapEntry 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"An L2TP Session index map entry." 
INDEX { 12tpSessionMapIfIndex } 
::= { 12tpSessionMapTable 1 } 


L2tpSessionMapEntry ::= 
SEQUENCE { 
12tpSessionMapIfIndex 
InterfaceIndex, 
12tpSessionMapTunnellIfIndex 
InterfaceIndex, 
12tpSessionMapLocalSID 
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Integer32, 
12tpSessionMapStatus 
RowStatus 


} 


12tpSessionMapI fIndex OBJECT-TYPE 


SYNTAX InterfaceIndex 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"This object identifies the ifIndex value of the 
interface which is receiving or sending its packets 
over an L2TP tunnel. For example this could be a DSO 
ifIndex on a LAC or a PPP ifIndex on the LNS." 

:= { 12tpSessionMapEntry 1 ) 


12tpSessionMapTunnelIfIndex OBJECT-TYPE 


SYNTAX InterfaceIndex 
MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"This object identifies the sessions associated 
L2TP tunnel ifIndex value. When this object is 
set it provides a binding between a particular 
interface identified by 12tpSessionMapIfIndex 
to a particular tunnel." 

::= { 12tpSessionMapEntry 2 } 


12tpSessionMapLocalSID OBJECT-TYPE 


SYNTAX Integer32 (1..65535) 
MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 


"This object contains the local assigned session 
identifier for this session." 
REFERENCE "RFC 2661, Section 3.1" 
:= { 12tpSessionMapEntry 3 } 


12tpSessionMapStatus OBJECT-TYPE 
SYNTAX RowStatus 
MAX-ACCESS read-create 
STATUS current 
DESCRIPTION 


"The status of this session map entry." 
:= { 12tpSessionMapEntry 4 } 


== { 12tpIpUdpObjects 1 } reserved for future use 
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== The L2TP UDP/IP Transport Status and Statistics Table 


12tpUdpStatsTable OBJECT-TYPE 
SYNTAX SEQUENCE OF L2tpUdpStatsEntry 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"The L2TP UDP/IP transport stats table. This table 
contains objects that can be used to describe the 
current status and statistics of the UDP/IP L2TP 
tunnel transport." 

::= ( 12tpIpUdpObjects 2 } 


12tpUdpStatsEntry OBJECT-TYPE 
SYNTAX L2tpUdpStatsEntry 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 


"An L2TP UDP/IP transport stats entry." 
INDEX ( 12tpUdpStatsIfIndex } 
::= ( 12tpUdpStatsTable 1 } 


L2tpUdpStatsEntry ::= 
SEQUENCE { 
12tpUdpStatsIfIndex 
InterfaceIndex, 
12tpUdpStatsPeerPort 
Integer32, 
12tpUdpStatsLocalPort 
Integer32 
} 


12tpUdpStatsIfIndex OBJECT-TYPE 
SYNTAX InterfaceIndex 
MAX-ACCESS not-accessible 
STATUS current 
DESCRIPTION 
"This value for this object is equal to the 
value of ifIndex of the Interfaces MIB for 
tunnel interfaces of type L2TP and which have 
a L2TP transport of UDP/IP." 
:= { 12tpUdpStatsEntry 1 } 


12tpUdpStatsPeerPort OBJECT-TYPE 
SYNTAX Integer32 (0..65535) 
MAX-ACCESS read-only 
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STATUS current 

DESCRIPTION 
"This object reflects the peer’s UDP port number 
used for this tunnel. When not known a value of 
zero should be returned." 

::= { 12tpUdpStatsEntry 2 } 


12tpUdpStatsLocalPort OBJECT-TYPE 


SYNTAX Integer32 (0..65535) 
MAX-ACCESS read-only 

STATUS current 

DESCRIPTION 


"This object reflects the local UDP port number 
that this tunnel is bound to." 
:= { 12tpUdpStatsEntry 3 } 


== Definition of generic L2TP notifications 


l2tpTunnelAuthFailure NOTIFICATION-TYPE 
OBJECTS { 
l2tpTunnelStatsInitiated, 
l2tpTunnelStatsRemoteHostName 
} 
STATUS current 
DESCRIPTION 
"A 12tpTunnelAuthFailure trap signifies that an 
attempt to establish a tunnel to a remote peer 
has failed authentication." 
::= { 12tpNotifications 1 } 


EE conformance information 


12tpGroups OBJECT IDENTIFIER ::= { 12tpConformance 1 } 
12tpCompliances OBJECT IDENTIFIER { 12tpConformance 2 } 


== compliance statements 


12tpMIBFullCompliance MODULE-COMPLIANCE 
STATUS current 
DESCRIPTION 
"When this MIB is implemented with support for 
read-create and read-write, then such an 
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implementation can claim full compliance. Such 
an implementation can then be both monitored 
and configured with this MIB." 


MODULE -- this module 


-- unconditionally mandatory groups 
MANDATORY-GROUPS { 
12tpConfigGroup, 
12tpStatsGroup, 
12tpTrapGroup 
} 

-- conditionally mandatory groups 
GROUP 12tpIpUdpGroup 
DESCRIPTION 

"This group is mandatory for implementations that 
support L2TP over UDP/IP." 


-- optional groups 
GROUP 12tpDomainGroup 
DESCRIPTION 
"This group is optional for L2TP devices that 
group tunnel endpoints into tunnel domains." 


-- optional Mapping Group 
GROUP 12tpMappingGroup 
DESCRIPTION 
"This group is optional for L2TP devices that 
provide index mapping." 


-- optional Security Group 
GROUP 12tpSecurityGroup 
DESCRIPTION 
"This group is optional for SNMP agents which support 
both authentication and privacy of SNMP messages for 
the management of L2TP keys." 


-- optional High Capacity Group 
GROUP 12tpHCPacketGroup 
DESCRIPTION 
"This group is mandatory for implementations that 
support the 12tpDomainGroup AND could potentially 
overflow the L2TP Domain 32-bit counters is less 
than one hour." 


::= { 12tpCompliances 1 } 


12tpMIBReadOnlyCompliance MODULE-COMPLIANCE 
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STATUS current 

DESCRIPTION 
"When this MIB is implemented without support for 
read-create and read-write (i.e. in read-only mode), 
then such an implementation can claim read-only 
compliance. Such an implementation can then be 
monitored but can not be configured with this MIB." 


MODULE -- this module 


-- unconditionally mandatory groups 
MANDATORY-GROUPS { 
12tpConfigGroup, 
12tpStatsGroup, 
12tpTrapGroup 
} 


OBJECT 12tpAdminState 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpDrainTunnels 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpTunnelConfigDomainId 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpTunnelConfigHelloInterval 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpTunnelConfigIdleTimeout 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpTunnelConfigControlRWs 
MIN-ACCESS read-only 
DESCRIPTION 


"Write access is not required." 


OBJECT 12tpTunnelConfigControlMaxRetx 
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MIN-ACCESS read-only 
DESCRIPTION 
"Write access is not required." 


OBJECT 12tpTunnelConfigControlMaxRetxTO 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpTunnelConfigPayloadSeq 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpTunnelConfigReassemblyTO 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpTunnelConfigTransport 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpTunnelConfigDrainTunnel 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpTunnelConfigProxyPPPAuth 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


-- conditionally mandatory groups 
GROUP 12tpIpUdpGroup 
DESCRIPTION 
"This group is mandatory for implementations that 
support L2TP over UDP/IP." 


-- optional groups 
GROUP 12tpDomainGroup 
DESCRIPTION 
"This group is optional for L2TP devices that 
group tunnel endpoints into tunnel domains." 


OBJECT 12tpDomainConfigAdminState 
MIN-ACCESS read-only 
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DESCRIPTION 
"Write access is not required." 


OBJECT 12tpDomainConfigDrainTunnels 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpDomainConfigTunnelHelloInt 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpDomainConfigTunnelIdleTO 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpDomainConfigControlRWS 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpDomainConfigControlMaxRetx 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpDomainConfigControlMaxRetxTO 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpDomainConfigPayloadSeq 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpDomainConfigReassemblyTO 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpDomainConfigProxyPPPAuth 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 
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OBJECT 12tpDomainConfigStorageType 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpDomainConfigStatus 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


-- optional Mapping Group 
GROUP 12tpMappingGroup 
DESCRIPTION 
"This group is optional for L2TP devices that 
provide index mapping." 


OBJECT l2tpSessionMapTunnelIfIndex 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpSessionMapStatus 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


-- optional Security Group 
GROUP 12tpSecurityGroup 
DESCRIPTION 
"This group is optional for SNMP agents which support 
both authentication and privacy of SNMP messages for 
the management of L2TP keys." 


OBJECT 12tpDomainConfigAuth 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpDomainConfigSecret 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpDomainConfigTunnelSecurity 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 
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OBJECT 12tpTunnelConfigAuth 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpTunnelConfigSecret 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


OBJECT 12tpTunnelConfigSecurity 
MIN-ACCESS read-only 
DESCRIPTION 

"Write access is not required." 


optional High Capacity Group 

GROUP 12tpHCPacketGroup 

DESCRIPTION 
"This group is mandatory for implementations that 
support the 12tpDomainGroup AND could potentially 
overflow the L2TP Domain 32-bit counters is less 
than one hour." 


::= { 12tpCompliances 2 } 


-- units of conformance 


12tpConfigGroup OBJECT-GROUP 
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OBJECTS ( 
12tpAdminState, 
12tpDrainTunnels, 
12tpTunnelConfigDomainId, 
12tpTunnelConfigHelloInterval, 
12tpTunnelConfigIdleTimeout, 
12tpTunnelConfigControlRWws, 
12tpTunnelConfigControlMaxRetx, 
12tpTunnelConfigControlMaxRetxTO, 
12tpTunnelConfigPayloadSeq, 
12tpTunnelConfigReassemblyTO, 
12tpTunnelConfigTransport, 
12tpTunnelConfigDrainTunnel, 
12tpTunnelConfigProxyPPPAuth 

} 

STATUS current 

DESCRIPTION 
"A collection of objects providing configuration 
information of the L2TP protocol, tunnels and 
sessions." 
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::= { 12tpGroups 1 } 


12tpStatsGroup OBJECT-GROUP 
OBJECTS { 

l2tpProtocolVersions, 
12tpVendorName, 
12tpFirmwareRev, 
12tpDrainingTunnels, 
12tpTunnelStatsLocalTID, 
12tpTunnelStatsRemoteTID, 
12tpTunnelStatsState, 
12tpTunnelStatsInitiated, 
12tpTunnelStatsRemoteHostName, 
12tpTunnelStatsRemoteVendorName, 
12tpTunnelStatsRemoteFirmwareRev, 
12tpTunnelStatsRemoteProtocolVer, 
12tpTunnelStatsInitialRemoteRWS, 
12tpTunnelStatsBearerCaps, 
12tpTunnelStatsFramingCaps, 
12tpTunnelStatsControlRxPkts, 
12tpTunnelStatsControlRxZLB, 
12tpTunnelStatsControloOutOfSeq, 
12tpTunnelStatsControloOutOfWin, 
12tpTunnelStatsControlTxPkts, 
12tpTunnelStatsControlTxZLB, 
12tpTunnelStatsControlAckTO, 
12tpTunnelStatsCurrentRemoteRWs, 
12tpTunnelStatsTxSeq, 
12tpTunnelStatsTxSeqAck, 
12tpTunnelStatsRxSeq, 
12tpTunnelStatsRxSeqAck, 
12tpTunnelStatsTotalSessions, 
12tpTunnelStatsFailedSessions, 
12tpTunnelStatsActiveSessions, 
12tpTunnelStatsLastResultCode, 
12tpTunnelStatsLastErrorCode, 
12tpTunnelStatsLastErrorMessage, 
12tpTunnelStatsDrainingTunnel, 
12tpSessionStatsIfIndex, 
12tpSessionStatsRemoteSID, 
12tpSessionStatsUserName, 
12tpSessionStatsState, 
12tpSessionStatsCallType, 
12tpSessionStatsCallSerialNumber, 
12tpSessionStatsTxConnect Speed, 
12tpSessionStatsRxConnect Speed, 
12tpSessionStatsCallBearerType, 
12tpSessionStatsFramingType, 
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12tpSessionStatsPhysChanId, 
12tpSessionStatsDNIS, 
12tpSessionStatsCLID, 
12tpSessionStatsSubAddress, 
12tpSessionStatsPrivateGroupID, 
12tpSessionStatsProxyLcp, 
12tpSessionStatsAuthMethod, 
12tpSessionStatsSequencingState, 
12tpSessionStatsOutSequence, 
12tpSessionStatsReassemblyTO, 
12tpSessionStatsTxSeq, 
12tpSessionStatsRxSeq 

} 

STATUS current 

DESCRIPTION 
"A collection of objects providing status and 
statistics of the L2TP protocol, tunnels and 
sessions." 

::= { 12tpGroups 2 } 


12tpIpUdpGroup OBJECT-GROUP 
OBJECTS { 
12tpUdpStatsPeerPort, 
12tpUdpStatsLocalPort 
) 
STATUS current 
DESCRIPTION 
"A collection of objects providing status and 
statistics of the L2TP UDP/IP transport layer." 
:= { 12tpGroups 3 } 


12tpDomainGroup OBJECT-GROUP 
OBJECTS ( 

12tpDomainConfigAdminState, 
12tpDomainConfigDrainTunnels, 
12tpDomainConfigTunnelHelloInt, 
12tpDomainConfigTunnelIdleTO, 
12tpDomainConfigControlRWS, 
12tpDomainConfigControlMaxRetx, 
12tpDomainConfigControlMaxRetxTO, 
12tpDomainConfigPayloadSeq, 
12tpDomainConfigReassemblyTO, 
12tpDomainConfigProxyPPPAuth, 
12tpDomainConfigStorageType, 
12tpDomainConfigStatus, 
12tpDomainStatsTotalTunnels, 
12tpDomainStatsFailedTunnels, 
12tpDomainStatsFailedAuths, 
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12tpDomainStatsActiveTunnels, 
12tpDomainStatsTotalSessions, 
12tpDomainStatsFailedSessions, 
12tpDomainStatsActiveSessions, 
12tpDomainStatsDrainingTunnels, 
12tpDomainStatsControlRxOctets, 
12tpDomainStatsControlRxPkts, 
12tpDomainStatsControlTxOctets, 
12tpDomainStatsControlTxPkts, 
12tpDomainStatsPayloadRxOctets, 
12tpDomainStatsPayloadRxPkts, 
12tpDomainStatsPayloadRxDiscs, 
12tpDomainStatsPayloadTxOctets, 
12tpDomainStatsPayloadTxPkts 


} 
STATUS current 
DESCRIPTION 
"A collection of objects providing configuration, 
status and statistics of L2TP tunnel domains." 
::= { 12tpGroups 4 } 


12tpMappingGroup OBJECT-GROUP 


OBJECTS { 
12tpTunnelMapIfIndex, 
l2tpSessionMapTunnelIfIndex, 
12tpSessionMapLocalSID, 
12tpSessionMapStatus 
} 
STATUS current 
DESCRIPTION 
"A collection of objects providing index mapping." 
::= { 12tpGroups 5 } 


12tpSecurityGroup OBJECT-GROUP 
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OBJECTS { 
12tpDomainConfigAuth, 
12tpDomainConfigSecret, 
12tpDomainConfigTunnelSecurity, 
12tpTunnelConfigAuth, 
12tpTunnelConfigSecret, 
12tpTunnelConfigSecurity 

} 

STATUS current 

DESCRIPTION 
"A collection of objects providing L2TP security 
configuration." 

::= { 12tpGroups 6 } 
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12tpTrapGroup NOTIFICATION-GROUP 

NOTIFICATIONS { 
12tpTunnelAuthFailure 

} 

STATUS current 

DESCRIPTION 
"A collection of L2TP trap events as specified 
in NOTIFICATION-TYPE constructs." 

::= { 12tpGroups 7 } 


12tpHCPacketGroup OBJECT-GROUP 
OBJECTS { 

12tpDomainStatsControlHCRxOctets, 

12tpDomainStatsControlHCRxPkts, 

12tpDomainStatsControlHCTxOctets, 
12tpDomainStatsControlHCTxPkts, 
12tpDomainStatsPayloadHCRxOctets, 
12tpDomainStatsPayloadHCRxPkts, 
12tpDomainStatsPayloadHCRxDiscs, 
12tpDomainStatsPayloadHCTxOctets, 
12tpDomainStatsPayloadHCTxPkts 


} 
STATUS current 
DESCRIPTION 
"A collection of objects providing High Capacity 
64-bit counter objects." 
::= { 12tpGroups 8 } 


END 
5.0 Security Considerations 


This MIB contains readable objects whose values provide information 
related to L2TP tunnel interfaces. There are also a number of 
objects that have a MAX-ACCESS clause of read-write and/or read- 
create, such as those which allow an administrator to dynamically 
configure tunnels. 


While unauthorized access to the readable objects is relatively 
innocuous, unauthorized access to the write-able objects could cause 
a denial of service, or could cause unauthorized creation and/or 
manipulation of tunnels. Hence, the support for SET operations ina 
non-secure environment without proper protection can have a negative 
effect on network operations. 
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SNMPv1 by itself is such an insecure environment. Even if the 
network itself is secure (for example by using IPSec [RFC2401]), even 
then, there is no control as to who on the secure network is allowed 
to access and SET (change/create/delete) the objects in this MIB. 


If the agent allows configuring keys (for example the 
12tpDomainConfigSecret object) via SNMP, for use by L2TP, then the 
security of L2TP is at best only as secure as SNMP. For this reason, 
all objects in the 12tpSecurityGroup MUST NOT be accessible via 
unencrypted messages. It is also recommended that keys not be made 
visible through SNMP GET (or GET-NEXT or GET-BULK) messages, even if 
encryption is used. 


It is recommended that the implementers consider the security 
features as provided by the SNMPv3 framework. Specifically, the use 
of the User-based Security Model RFC 2574 [RFC2574] and the View- 
based Access Control Model RFC 2575 [RFC2575] is recommended. 


It is then a customer/user responsibility to ensure that the SNMP 
entity giving access to this MIB, is properly configured to give 
access to those objects only to those principals (users) that have 
legitimate rights to access them. 
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